WE CLAIM: 



1 . A method for message authentication, comprising: 

generating a key pair associated with a domain, wherein a public 
component of the key pair is accessible to a domain name server (DNS) that is 
associated with the domain; 

if a message originates from a sender's address associated with 
the domain, employing a private component of the key pair to digitally sign the message 
and forwarding the digitally signed message towards a recipient of the message; and 

if the public component stored with the DNS verifies that the 
digitally signed message originated from the domain associated with the sender's 
address, providing the verified digitally signed message to the recipient. 

2. The method of Claim 1, further comprising a text record that is 
accessible to the DNS and which includes at least the public component of the key pair. 

3. The method of Claim 1 , further comprising generating a selector that is 
associated with the key pair, wherein the selector is employable to identify the key 
pair's public component for accessing by the DNS. 

4. The method of Claim 3, further comprising forming a lookup query for 
the DNS by combining the selector with the sender's address. 

5. The method of Claim 1, further comprising employing a mail server 
associated with the domain to forward the digitally signed message towards the 
recipient of the message. 

6. The method of Claim 1, further comprising employing a mail server 
associated with the domain to employ the private component of the key pair to digitally 
sign the message. 
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7. The method of Claim 1, further comprising employing a mail server that 
is associated with a domain of the recipient to verify the domain of origination for the 
message with the public component of the key pair. 

8. The method of Claim 1, further comprising employing a mail server that 
is associated with a domain of the recipient to provide the verified digitally signed 
message to the recipient. 

9. The method of Claim 1, further comprising accessing the public 
component of the key pair by employing a text record in a look up table for the DNS. 

10. The method of Claim 1 , further comprising generating a plurality of key 
pairs associated with the domain, wherein at least two key pairs are associated with at 
least two different senders and wherein each public component of each key pair is 
accessible by the DNS associated with the domain. 

1 1 . The method of Claim 10, further comprising separately associating 
private components of the at least two key pairs with at least two mail servers, wherein 
the at least two mail servers are associated with the domain. 

12. The method of Claim 10, wherein each private component of each key 
pair employs a mail server associated with the domain to forward the digitally signed 
message towards the recipient of the message. 

13. The method of Claim 1, further comprising employing one of a plurality 
of mail servers associated with the domain to digitally sign the message with the private 
component of the key pair and forward the digitally signed message towards the 
recipient. 

14. A system for message authentication, comprising: 
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a client that is enabled to generate at least one message for a recipient, 
wherein the client is associated with a domain; 

a mail server associated with the domain of the client, wherein the mail 
server performs actions, including: 

enabling the generation of a key pair associated with the domain, 
wherein a public component of the key pair is accessible to a DNS that is associated 
with the domain; and 

if a message from the client originates from the domain, enabling 
a private component of the key pair to digitally sign the message and forward the 
digitally signed message towards the recipient of the message; and 

a mail server associated with a domain of the recipient, wherein the mail 
server performs actions including enabling the public component stored with the DNS 
to verify that the digitally signed message originated from the domain associated with 
the client, and enabling each verified digitally signed message to be provided to the 
recipient. 

1 5. The system of Claim 14, wherein the message is at least one of an email, 
instant message (IM), short message service (SMS). 

16. The system of Claim 14, further comprises a text record that is accessible 
to the DNS and which includes at least the public component of the key pair. 

17. The system of Claim 14, further comprises a selector that is associated 
with the key pair, wherein the selector is employable to identify the key pair's public 
component for accessing by the DNS. 

1 8. The system of Claim 14, further comprising a plurality of key pairs that 
are associated with at least two different clients, wherein each public component of each 
key pair is accessible by the DNS associated with the domain. 
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19. A carrier wave signal that enables actions for message authentication, 
comprising: 

generating a key pair associated with a domain, wherein a public 
component of the key pair is accessible to a domain name server (DNS) that is 
associated with the domain; 

if a message originates from a sender's address associated with 
the domain, employing a private component of the key pair to digitally sign the message 
and forwarding the digitally signed message towards a recipient of the message; and 

if the public component stored with the DNS verifies that the 
digitally signed message originated from the domain associated with the sender's 
address, providing the verified digitally signed message to the recipient. 

20. The carrier wave signal of Claim 19, further comprising generating a 
selector that is associated with the key pair, wherein the selector is employable to 
identify the key pair's public component for accessing by the DNS. 

21. The carrier wave signal of Claim 19, further comprising generating a 
plurality of key pairs associated with the domain, wherein at least two key pairs are 
associated with at least two different senders and wherein each public component of 
each key pair is accessible by the DNS associated with the domain. 

22. The carrier wave signal of Claim 21, further comprising separately 
associating private components of the at least two key pairs with at least two mail 
servers, wherein the at least two mail servers are associated with the domain. 

23. The carrier wave signal of Claim 21, wherein each private component of 
each key pair employs a mail server associated with the domain to forward the digitally 
signed message towards the recipient of the message. 

24. A client that enables message authentication, comprising: 
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enabling the generation of a key pair associated with a domain, 
wherein a public component of the key pair is accessible to a domain name server 
(DNS) that is associated with the domain; 

if a message originates from a sender's address associated with 
the domain, enabling a private component of the key pair to be employed to digitally 
sign the message and forwarding the digitally signed message towards a recipient of the 
message; and 

if the public component stored with the DNS verifies that the 
digitally signed message originated from the domain associated with the sender's 
address, providing the verified digitally signed message to the recipient. 

25. The client of Claim 24, further comprising enabling the generation of a 
plurality of key pairs associated with the domain, wherein at least two key pairs are 
associated with at least two different senders and wherein each public component of 
each key pair is accessible by the DNS associated with the domain. 

26. The client of Claim 25, further comprising enabling the separate 
association of private components of the at least two key pairs with at least two mail 
servers, wherein the at least two mail servers are associated with the domain. 

27. The client of Claim 25, further comprising enabling each private 
component of each key pair to employ a mail server associated with the domain to 
forward the digitally signed message towards the recipient of the message. 

28. A server that enables message authentication, comprising: 

enabling the generation of a key pair associated with a domain, 
wherein a public component of the key pair is accessible to a domain name server 
(DNS) that is associated with the domain; 

if a message originates from a sender's address associated with 
the domain, enabling a private component of the key pair to be employed to digitally 
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sign the message and forwarding the digitally signed message towards a recipient of the 
message; and 

if the public component stored with the DNS verifies that the 
digitally signed message originated from the domain associated with the sender's 
address, providing the verified digitally signed message to the recipient. 

29. A method for enabling message authentication, comprising: 

means for enabling the generation of a key pair associated with a 

domain, wherein a public component of the key pair is accessible to a domain name 

server (DNS) that is associated with the domain; 

if a message originates from a sender's address associated with 

the domain, means for enabling a private component of the key pair to be employed to 

digitally sign the message and forwarding the digitally signed message towards a 

recipient of the message; and 

if the public component stored with the DNS verifies that the 

digitally signed message originated from the domain associated with the sender's 

address, means for providing the verified digitally signed message to the recipient. 
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